8-16
User Guide for Cisco Digital Media Manager 5.4.x
OL-15762-05
Chapter 8 Authentication and Federated Identity
Concepts
• LDAP returns matched records from all levels within the user base that your filter defines.

Use “memberOf” values to pinpoint a filter more precisely

• But what if you did not want to include any members of Milpitas or Sunnyvale? If your Active Directory server considered these cities (organizational units) to be subsets of San José, how could you exclude their members? To do so, you would use the memberOf attribute. It stops LDAP from matching records at any lower level than the one you name explicitly. In this scenario, for example, you would use memberOf=OU=SanJose,DC=example,DC=com to match only the direct members of the “SanJose” OU.

Use “objectClass” values to match all user records

• You can define a comprehensive filter that matches all user records.
objectClass=user
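
To see which accounts a user base would take in before you commit to a filter, the scoping described above can be checked offline against a list of DNs. This is an added example, not code from Cisco or DMS-Admin; the function names and user entries are constructed for illustration, and it compares DNs only, without querying a directory.

```python
"""Added illustration: classify DNs against a user base by DN comparison only.
No directory server is contacted; the user entries below are constructed."""

def split_rdns(dn):
    """Split a DN into normalized (attr, value) RDNs, honouring escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            cur.append(ch)
            escaped = (ch == "\\") and not escaped
        else:
            parts.append("".join(cur))
            cur = []
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_user_base(entry_dn, base_dn):
    """True if the entry sits at or below the user base, at any level."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def is_direct_member(entry_dn, base_dn):
    """True only if the entry is exactly one level below the user base."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    return len(entry) == len(base) + 1 and entry[1:] == base

def audit(entries, base_dn):
    """Label each DN as 'direct', 'nested' (lower level) or 'outside'."""
    return {dn: "direct" if is_direct_member(dn, base_dn)
            else "nested" if in_user_base(dn, base_dn)
            else "outside" for dn in entries}

BASE = "OU=SanJose,DC=example,DC=com"
SAMPLE = [  # constructed entries, one per OU named on this page
    "CN=Ana Ruiz,OU=SanJose,DC=example,DC=com",
    "CN=Lee\\, Kim,OU=Milpitas,OU=SanJose,DC=example,DC=com",
    "cn=Raj Patel,ou=Sunnyvale,ou=SanJose,dc=example,dc=com",
    "CN=Sam Obi,OU=RTP,DC=example,DC=com",
]

if __name__ == "__main__":
    for dn, label in audit(SAMPLE, BASE).items():
        print(f"{label:8} {dn}")
```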
Password Concepts
• Understand the Effects of a Changed Password in Active Directory, page 8-16
• Understand the Effects of a Blank Password in Active Directory, page 8-17
Understand the Effects of a Changed Password in Active Directory
Note  Microsoft Active Directory is the only LDAP implementation that we support in this release.
After you change a user password on your Active Directory server, there is no requirement to
resynchronize the affected user account in DMS-Admin.
Would a filter for “OU=SanJose,DC=example,DC=com” ever include any users from...?

OU=RTP,DC=example,DC=com                      No [1]
OU=Milpitas,OU=SanJose,DC=example,DC=com      Yes [2]
OU=Sunnyvale,OU=SanJose,DC=example,DC=com     Yes [2]

1. Research Triangle Park, NC, does not have any physical connection to San José, CA.
2. Milpitas, CA and Sunnyvale, CA, are suburbs of San José, CA, which affects them directly and in multiple ways.